<?php
/* 
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */

/**
 * Description of login
 *
 * @author Nhan Nguyen
 */
defined('IN_ADMIN') or die('Hacking Attempt!');

$_sTable = 'admin';

if(!isset($_SESSION[SESSION_NAME])){
    if(isset($_POST['loginButton'])){
        $aVal = array(
          'user' => isset($_POST['user']) ? htmlspecialchars($_POST['user'], ENT_QUOTES) : '',
          'pass' => isset($_POST['pass']) ? md5($_POST['pass']) : ''
        );

        $sSql = "SELECT * FROM $_sTable WHERE username='". $aVal['user'] ."' AND password='". $aVal['pass']. "'";
        $aResult = mysql::querySql($sSql);
        if($aResult->num_rows > 0){
            $_SESSION[SESSION_NAME] = $aVal['user'];
            func::redirect(func::makeUrl('index'));
        }else{
            func::redirect(func::makeUrl('login'));
        }
    }
}else{
    func::redirect(func::makeUrl('index'));
}
?>
